1. Field of the Invention
The present invention relates to a client-server distributed system, a server apparatus, a client apparatus, and an inter-client RTP encrypting method used with them, and more particularly to an inter-client RTP (Real-time Transport Protocol) encrypting method in a client-server type distributed system supporting SIP (Session Initiation Protocol).
2. Description of the Related Art
Since a client-server type distributed system supporting the SIP protocol is connected over a LAN (Local Area Network), security must be ensured, and an inter-client RTP packet encrypting system is defined as a countermeasure for ensuring that security.
SSL/TLS (Secure Socket Layer/Transport Layer Security) and the like are defined as ordinary encrypting systems (refer to, for example, “Introduction to Encrypting Technology—Alice in Secret Country”, Chapter 14, SSL/TLS (Hiroshi Yuuki, Soft Bank Publishing, Sep. 27, 2003, pp. 346-367)), and SRTP (Secure Real-time Transport Protocol) is defined as an RTP encrypting system (refer to, for example, “The Secure Real-time Transport Protocol (SRTP)” (RFC 3711, March 2004)).
Further, MIKEY (Multimedia Internet KEYing) (refer to, for example, “MIKEY: Multimedia Internet KEYing” (RFC 3830, August 2004)), ZRTP (Extensions to RTP for Diffie-Hellman Key Agreement for SRTP) (refer to, for example, “ZRTP: Extensions to RTP for Diffie-Hellman Key Agreement for SRTP draft-zimmermann-avt-zrtp-01” (AVT WG Internet-Draft, Expires: Sep. 6, 2006) (http://www.ietf.org/internet-drafts/draft-zimmermann-avt-zrtp-01)) and the like are defined as procedures for encrypting key delivery and the like.
Since the SSL/TLS system requires certificates from both parties, certificates must be delivered to the client apparatuses in advance. Further, an authentication server must be prepared in the system, and a certificate must be authenticated to deliver an encrypting key each time a call is issued.
Further, since TCP (Transmission Control Protocol) is used as the Layer 4 protocol, the protocol is not optimum for VoIP (Voice over Internet Protocol) communication, in which real-time performance is important; for this reason UDP (User Datagram Protocol) is generally employed as the protocol in VoIP communication.
In the MIKEY system, which is defined as the ordinary key delivery system for SRTP, either a Pre-shared Key is set or a key is delivered by encrypting it with a public key each time a communication is established. When a Pre-shared Key is used, the key must be delivered to each client apparatus in advance, and when a public key is used, authentication using a digital signature is necessary.
In this case as well, a certificate must be delivered to the client apparatuses in advance. Further, an authentication server must be prepared, and a certificate must be authenticated to deliver an encrypting key each time a call is issued. Since public key encryption processing is time-consuming, the public encrypting key is not optimum for VoIP communication, in which real-time performance is important.
In the ZRTP system, since authentication must be carried out end to end using a Short Authentication String (SAS), the SAS must be delivered in advance, and a certificate must also be authenticated by preparing an authentication server in order to deliver an encrypting key each time a call is issued. However, since carrying out authentication each time a call is issued is redundant, the ZRTP system is not optimum for VoIP communication, in which real-time performance is important.
Further, in ZRTP the key is managed using RTP packets in a purely peer-to-peer manner. Encryption is started only after the RTP communication has begun, and the encryption is set up within an RTP communication that is not yet encrypted, which is disadvantageous to security.
When the SSL/TLS system is used in the related inter-client RTP encrypting method described above, authentication by certificate must be carried out each time a call is issued in order to notify the encrypting key, so the certificate must be delivered to each client apparatus and a certificate management function is required; this raises the problem that the man-hours of maintenance personnel increase.
Further, in the MIKEY system defined for SRTP, when the key is delivered by Pre-shared Key, the Pre-shared Key must be delivered in advance, and when the public key is used, since authentication by digital signature is required, a certificate must be delivered in advance; in either case a problem arises in that the man-hours of maintenance personnel increase.
In ZRTP, the SAS must likewise be delivered in advance to carry out authentication using the SAS, which is disadvantageous in that the man-hours of maintenance personnel increase. Further, since TCP is used as the Layer 4 protocol, a problem arises in that it is difficult to secure real-time performance in VoIP communication.
Therefore, the related technologies have the problem that realizing an encrypting security function is costly, because maintenance man-hours are needed to manage certificates, an authentication server is needed to carry out authentication each time a call is issued, and so on. Further, the related technologies are disadvantageous in that it is difficult to secure real-time performance when they are applied to ensure the security of VoIP communication.